Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2018
CVE-2018-13359
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-11-27
CVE-2018-13360
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13361
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVSS Score
5.3
EPSS Score
0.016
Published
2018-11-27
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
CVSS Score
8.8
EPSS Score
0.12
Published
2018-11-27
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVSS Score
7.2
EPSS Score
0.126
Published
2018-11-27
CVE-2018-13331
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13332
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-27
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13335
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
CVSS Score
9.8
EPSS Score
0.125
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved